skills/a-tokyo/agent-skills/tribunal/Gen Agent Trust Hub

tribunal

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for agents to execute verification commands (such as test runners or linters) to audit deliverables. This capability is a core part of the quality assurance process and is scoped by the orchestrator agent who defines the criteria before the work is performed, ensuring commands are verified before execution.
  • [DATA_EXFILTRATION]: There is no evidence of unauthorized data transfer. The skill manages its internal state using a .tribunal/ directory and explicitly instructs the orchestrator to gitignore this folder to ensure that temporary audit logs and working files remain local to the execution environment.
  • [PROMPT_INJECTION]: The skill operates on an indirect prompt injection surface by evaluating data produced by other agents. It mitigates this via mandatory design invariants described across the documentation:
      • Ingestion points: The orchestrator and verifiers ingest artifacts, diffs, and doer reports as described in SKILL.md and references/consensus-mechanics.md.
      • Boundary markers: It enforces strict 'context walls' where verifiers run in independent sessions without access to the builder's reasoning, self-assessments, or other reviewers' scores.
      • Capability inventory: Agents possess the capability to perform file reads, directory management, and shell command execution for testing and verification purposes.
      • Sanitization: The 'evidence-anchored' rule mandates that all scoring claims include verbatim quotes or file:line references that are grep-checked against the source artifact, preventing agents from being influenced by instructions potentially embedded within the artifact content.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 09:06 AM